SUSE Linux Enterprise Server update for libsndfile

Published: 2021-08-06 | Updated: 2022-03-28

Risk	High
Patch available	YES
Number of vulnerabilities	4
CVE-ID	CVE-2018-13139 CVE-2018-19432 CVE-2018-19758 CVE-2021-3246
CWE-ID	CWE-121 CWE-476 CWE-125 CWE-122
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available.
Vulnerable software	SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE OpenStack Cloud Operating systems & Components / Operating system
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU14198

Risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13139

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to stack-based buffer overflow in psf_memset in common.c. A remote attacker can send a specially crafted audio file, trick the victim into opening it, trigger memory corruption and cause the service to crash.

Mitigation

Install update from vendor's website.

SUSE OpenStack Cloud Crowbar 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 8 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile-devel-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU16040

Risk: Low

CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-19432

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference in the function sf_write_int in sndfile.c. A remote attacker can trigger NULL pointer dereference and cause the service to crash.

Mitigation

Install update from vendor's website.

SUSE OpenStack Cloud Crowbar 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 8 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile-devel-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Out-of-bounds read

EUVDB-ID: #VU16205

Risk: Low

CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-19758

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer overread condition in the wav_write_headerfunction, as defined in the wav.c source code file. A remote attacker can trick the victim into following a custom link or opening a crafted audio file that submits malicious input, trigger memory corruption and perform a denial of service attack.

Mitigation

Install update from vendor's website.

SUSE OpenStack Cloud Crowbar 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 8 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile-devel-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Heap-based buffer overflow

EUVDB-ID: #VU55455

Risk: High

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2021-3246

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error msadpcm_decode_block() function of libsndfile. A remote attacker can trick the victim to open a specially crafted WAV file, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

SUSE OpenStack Cloud Crowbar 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 9 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE OpenStack Cloud 8 (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile-devel-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1
SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
- libsndfile-debugsource-1.0.25-36.23.1
- libsndfile1-1.0.25-36.23.1
- libsndfile1-32bit-1.0.25-36.23.1
- libsndfile1-debuginfo-1.0.25-36.23.1
- libsndfile1-debuginfo-32bit-1.0.25-36.23.1

Vulnerable software versions

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP5

SUSE OpenStack Cloud: 9

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20212615-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.